BGP Cheat Sheet
===============

Cheat sheet for the Wednesday BGP exercises. All IP addresses and ASNs provided here are examples only - please do not use these in the lab, or on the real Internet.

!
!--------------Standard configuration----
hostname router1  ! give your router a name
enable secret xxxxx
service password-encryption
ip classless
ip subnet-zero
ip bgp-community new-format
no ip source-route
ipv6 unicast-routing
no ipv6 source-route
!
!--------------BGP Configuration------
router bgp 51234  ! Initial BGP config statement
                  ! defines your ASN
 no bgp default ipv4-unicast  ! don't assume that all peers are
                              ! IPv4 unicast peers
!----------------IPv4-------------------------------------------------------
 address-family ipv4  ! jump into the IPv4 address family
  no synchronization  ! Do not synchronize with the IGP
  no auto-summary  ! no classful boundaries
  network 103.223.0.0 mask 255.255.0.0  ! network to announce into BGP
    ! also needs pull-up route:
    ! ip route 103.223.0.0 255.255.0.0 Null0 250
!---------------First Peer-------------
  neighbor 101.98.66.11 remote-as 51357  ! peer's address and AS number
  neighbor 101.98.66.11 description BigISP Transit (noc@upstream.net)
    ! name and contact info is useful
  neighbor 101.98.66.11 send-community  ! Send communities to peers
  neighbor 101.98.66.11 version 4  ! BGP version 4
  neighbor 101.98.66.11 password <password>  ! password for eBGP session
  neighbor 101.98.66.11 prefix-list sanity-filter in
    ! filter all incoming announcements
    ! against this prefix-list
  neighbor 101.98.66.11 prefix-list my-routes out
    ! filter all outgoing announcements
    ! against this prefix-list
  neighbor 101.98.66.11 activate
!---------------Second Peer------------
  neighbor 101.55.13.7 remote-as 53512  ! peer's address and AS number
  neighbor 101.55.13.7 description SmallISP Peering (noc@smallisp.net)
    ! name and contact info is useful
  neighbor 101.55.13.7 send-community  ! Send communities to peers
  neighbor 101.55.13.7 version 4  ! BGP version 4
  neighbor 101.55.13.7 password <password>  ! password for eBGP session
  neighbor 101.55.13.7 prefix-list as53512-in in
    ! filter all incoming announcements
    ! against this prefix-list
  neighbor 101.55.13.7 prefix-list my-routes out
    ! filter all outgoing announcements
    ! against this prefix-list
  neighbor 101.55.13.7 activate
!---------------Internal Peer----------
  neighbor 102.108.0.1 remote-as 51234  ! iBGP (remote AS is same as local AS)
  neighbor 102.108.0.1 description IBGP-peer  ! useful info: neighbor description
  neighbor 102.108.0.1 version 4  ! BGP version 4
  neighbor 102.108.0.1 password <password>  ! password for iBGP session
  neighbor 102.108.0.1 update-source loopback 0  ! always use loopback for iBGP
  neighbor 102.108.0.1 send-community  ! Send communities to internal peers
  neighbor 102.108.0.1 activate
!----------------IPv6-------------------------------------------------------
 address-family ipv6  ! jump into the IPv6 address family
  network 2134:cafe::/32  ! network to announce into BGP
    ! also needs pull-up route:
    ! ipv6 route 2134:cafe::/32 Null0 250
!---------------First Peer-------------
  neighbor 2008:34ce::1 remote-as 51357  ! peer's address and AS number
  neighbor 2008:34ce::1 description BigISP Transit (noc@upstream.net)
    ! name and contact info is useful
  neighbor 2008:34ce::1 send-community  ! Send communities to peers
  neighbor 2008:34ce::1 version 4  ! BGP version 4
  neighbor 2008:34ce::1 password <password>  ! password for eBGP session
  neighbor 2008:34ce::1 prefix-list v6sanity-filter in
    ! filter all incoming announcements
    ! against this prefix-list
  neighbor 2008:34ce::1 prefix-list my-v6routes out
    ! filter all outgoing announcements
    ! against this prefix-list
  neighbor 2008:34ce::1 activate
!---------------Second Peer------------
  neighbor 2001:caf::e remote-as 53512  ! peer's address and AS number
  neighbor 2001:caf::e description SmallISP Peering (noc@smallisp.net)
    ! name and contact info is useful
  neighbor 2001:caf::e send-community  ! Send communities to peers
  neighbor 2001:caf::e version 4  ! BGP version 4
  neighbor 2001:caf::e password <password>  ! password for eBGP session
  neighbor 2001:caf::e prefix-list as53512-in in
    ! filter all incoming announcements
    ! against this prefix-list
  neighbor 2001:caf::e prefix-list my-v6routes out
    ! filter all outgoing announcements
    ! against this prefix-list
  neighbor 2001:caf::e activate
!---------------Internal Peer----------
  neighbor 2020:ce1::9 remote-as 51234  ! iBGP (remote AS is same as local AS)
  neighbor 2020:ce1::9 description IBGP-peer  ! useful info: neighbor description
  neighbor 2020:ce1::9 version 4  ! BGP version 4
  neighbor 2020:ce1::9 password <password>  ! password for iBGP session
  neighbor 2020:ce1::9 update-source loopback 0  ! always use loopback for iBGP
  neighbor 2020:ce1::9 send-community  ! Send communities to internal peers
  neighbor 2020:ce1::9 activate
!
ip prefix-list my-routes description Allow my routes and deny others
ip prefix-list my-routes seq 5 permit 103.223.0.0/16  ! must match the network statement
ip prefix-list my-routes seq 100 deny 0.0.0.0/0 le 32
!
ip prefix-list as53512-in description All routes for peer AS 53512
ip prefix-list as53512-in seq 5 permit 205.240.25.0/24
ip prefix-list as53512-in seq 10 permit 199.217.92.0/22
ip prefix-list as53512-in seq 15 permit 206.40.128.0/22
ip prefix-list as53512-in seq 100 deny 0.0.0.0/0 le 32
!
! prefix-list to deny some bad prefixes, permit almost everything else,
! but deny prefixes longer than /24 - see RFC3330 and Project Cymru
! (www.cymru.com/Documents) for more info
!
ip prefix-list sanity-filter description "Deny default, RFC1918, net 10"
ip prefix-list sanity-filter seq 5 deny 10.0.0.0/8 le 32
ip prefix-list sanity-filter seq 10 deny 127.0.0.0/8 le 32
ip prefix-list sanity-filter seq 15 deny 169.254.0.0/16 le 32
ip prefix-list sanity-filter seq 20 deny 172.16.0.0/12 le 32
ip prefix-list sanity-filter seq 25 deny 192.0.2.0/24 le 32
ip prefix-list sanity-filter seq 30 deny 192.168.0.0/16 le 32
ip prefix-list sanity-filter seq 50 permit 0.0.0.0/0 le 24
!
ip route 103.223.0.0 255.255.0.0 Null0 250  ! pull up route for BGP network
!
!
ipv6 route 2134:cafe::/32 Null0 250  ! pull up route for BGP network
!
ipv6 prefix-list my-v6routes description Allow my IPv6 routes and deny others
ipv6 prefix-list my-v6routes seq 5 permit 2134:cafe::/32
ipv6 prefix-list my-v6routes seq 100 deny ::/0 le 128
!
ipv6 prefix-list as53512-in description All routes for peer AS 53512
ipv6 prefix-list as53512-in seq 5 permit 2005:cea::/32
ipv6 prefix-list as53512-in seq 10 permit 2001:caf::/32
ipv6 prefix-list as53512-in seq 100 deny ::/0 le 128
!
! v6 sanity filter - see Project Cymru (www.cymru.com/Bogons/ipv6.txt) for more info
!
ipv6 prefix-list v6sanity-filter description Sanity Inbound
ipv6 prefix-list v6sanity-filter deny ::/0
ipv6 prefix-list v6sanity-filter deny ::1/128
ipv6 prefix-list v6sanity-filter deny ::/128
ipv6 prefix-list v6sanity-filter deny ::/96
ipv6 prefix-list v6sanity-filter deny ::ffff:0:0/96
ipv6 prefix-list v6sanity-filter deny ::/8 le 128
ipv6 prefix-list v6sanity-filter deny fe80::/10 le 128
ipv6 prefix-list v6sanity-filter deny fec0::/10 le 128
ipv6 prefix-list v6sanity-filter deny fc00::/7 le 128
ipv6 prefix-list v6sanity-filter deny ff00::/8 le 128
ipv6 prefix-list v6sanity-filter deny 2001:db8::/32 le 128
ipv6 prefix-list v6sanity-filter permit ::/0 le 128
!
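
A way to check what the inbound sanity-filter accepts before applying it to a peer, as an added example that is not part of the original cheat sheet: a small Python evaluator for `ip prefix-list` entries (first match by sequence number wins, `ge`/`le` bound the prefix length, no match is an implicit deny). The entries are the sheet's sanity-filter with one unique sequence number each; the function names and the test routes are constructed for illustration.

```python
import ipaddress
import re

# sanity-filter entries from this cheat sheet, one unique seq number per entry
SANITY_FILTER = """\
ip prefix-list sanity-filter seq 5 deny 10.0.0.0/8 le 32
ip prefix-list sanity-filter seq 10 deny 127.0.0.0/8 le 32
ip prefix-list sanity-filter seq 15 deny 169.254.0.0/16 le 32
ip prefix-list sanity-filter seq 20 deny 172.16.0.0/12 le 32
ip prefix-list sanity-filter seq 25 deny 192.0.2.0/24 le 32
ip prefix-list sanity-filter seq 30 deny 192.168.0.0/16 le 32
ip prefix-list sanity-filter seq 50 permit 0.0.0.0/0 le 24
"""

ENTRY = re.compile(
    r"^[ \t]*ip(?:v6)? prefix-list \S+ seq (\d+) (permit|deny) (\S+)"
    r"(?: ge (\d+))?(?: le (\d+))?[ \t]*$", re.M)

def parse(text):
    """Return (seq, action, network, min_len, max_len) tuples ordered by seq."""
    entries = []
    for m in ENTRY.finditer(text):
        seq, action, net, ge, le = m.groups()
        net = ipaddress.ip_network(net)
        if ge is None and le is None:
            lo = hi = net.prefixlen              # no ge/le: exact length only
        else:
            lo = int(ge) if ge else net.prefixlen
            hi = int(le) if le else net.max_prefixlen
        entries.append((int(seq), action, net, lo, hi))
    return sorted(entries, key=lambda e: e[0])

def evaluate(entries, route):
    """First matching entry wins; a route matching nothing is implicitly denied."""
    route = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in entries:
        if (route.version == net.version and lo <= route.prefixlen <= hi
                and route.network_address in net):
            return action, seq
    return "deny", None

def audit(routes, text=SANITY_FILTER):
    """Map each candidate route to (action, matching seq or None)."""
    entries = parse(text)
    return {r: evaluate(entries, r) for r in routes}

if __name__ == "__main__":
    # constructed test routes: default, RFC1918 space, a more-specific than /24
    for r, verdict in audit(["0.0.0.0/0", "10.20.0.0/16", "103.223.1.0/25"]).items():
        print(r, verdict)
```

Run against these entries, the default route `0.0.0.0/0` is accepted by seq 50, because `permit 0.0.0.0/0 le 24` covers prefix lengths 0 through 24 and no earlier entry denies it. The list's description says "Deny default", so an explicit `deny 0.0.0.0/0` entry ahead of seq 50 is needed for the filter to behave as described.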